问题描述
我在调用Google的新Directory API时遇到问题.我一直都在http禁止未经授权访问此资源/api".
I'm having trouble calling Googles new Directory API. I'm getting http forbidden "Not Authorized to access this resource/api" all the time.
我正在使用oauth2和一个服务帐户来访问目录api.请求oauth票证适用于以下范围:
I'm using oauth2 and a service account to access the directory api. The oauth ticket is requested for the following scopes:
"https://www.googleapis.com/auth/admin.directory.user"
"https://www.googleapis.com/auth/admin.directory.group"
"https://www.googleapis.com/auth/admin.directory.orgunit"
该服务帐户是Api项目的所有者,并且已启用Admin SDK服务.如果我没有在oauth请求中提供Principal,我会得到一个oauth令牌,但对admin api的请求失败.
The service account is owner of the Api project and the Admin SDK service is enabled. If I don't provide a Principal in the oauth request I get an oauth token but the request to the admin api fails.
如果我在请求oauth票证的过程中提供了委托人,则即使委托人是管理员,也不会授予该票证.
If I provide a principal in the request for the oauth ticket the ticket will not be granted even if the principal is an administrator.
我是否必须赋予服务帐户其他特权才能使其正常运行,或者我错过了什么?相同的服务帐户可以很好地用于日历API.
Do I have to give the service account additional privilegies to make it work or is there something I have missed. The same service account works fine for the calendar API.
推荐答案
初始化身份验证时是否已分配ServiceAccountUser?在将其设置为域管理员帐户之前,我遇到了同样的错误.
Have you assigned the ServiceAccountUser when initializing the authentication? I was having the same error before I set it to a domain manager account.
这篇关于调用Google Admin SDK目录API时未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!